Date:      Thu, 27 Sep 2001 08:28:24 -0700 (PDT)
From:      Christopher Strzelczyk <cstrzelc@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   Apache server log
Message-ID:  <20010927152824.55499.qmail@web12501.mail.yahoo.com>

Hello,

     I was wondering if the following Apache log data
is a result of the Nimda virus or if it's a real hack
attempt.  

[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/msadc/..%5c../..%5c../..%5c/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe
[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..Á^\../winnt/system32/cmd.exe
[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..À¯../winnt/system32/cmd.exe
[Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..ÁM-^\../winnt/system32/cmd.exe
[Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%5c../winnt/system32/cmd.exe
[Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdocs/en_US/scripts/..%2f../winnt/system32/cmd.exe

The script thinks it's a Windows box.  I think this is
the latest virus but I'm not sure.  Also, are there any
programs I can run to block logging of these messages
to the error_log?  The logs are getting quite large.

Thank You 
-Chris

=====
Chris Strzelczyk
cstrzelc@yahoo.com
chris4136@email.com
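
Added example, not part of the original message: a Python triage of error_log entries like those quoted above. It counts, per client, the "File does not exist" entries whose path climbs with ".." toward /winnt/system32/cmd.exe and leaves every other line untouched. The regular expression is this example's own heuristic, and the sample lines, client addresses and document root are constructed.

```python
import re
from collections import Counter

# Apache error_log entry in the format quoted in the message above.
ENTRY = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>.*)$"
)
# Heuristic (an assumption of this example): a ".." pair joined by a short
# encoded or raw separator, followed later by the Windows cmd.exe path.
PROBE = re.compile(r"\.\..{1,3}\.\..*/winnt/system32/cmd\.exe$", re.IGNORECASE)

def triage(lines):
    """Return (probe count per client, all other lines left untouched)."""
    probes, rest = Counter(), []
    for line in lines:
        m = ENTRY.match(line)
        if m and PROBE.search(m.group("path")):
            probes[m.group("client")] += 1
        else:
            rest.append(line)
    return probes, rest

def read_lines(raw):
    # These entries hold raw bytes that are not valid UTF-8, so decode as
    # latin-1. Split on "\n" only: str.splitlines() also breaks on 0x1c,
    # a byte that can appear inside these paths.
    return [l for l in raw.decode("latin-1").split("\n") if l]

# Constructed sample input; addresses and document root are placeholders.
P = b"[Thu Sep 27 01:24:29 2001] [error] [client "
D = b"] File does not exist: /usr/local/www/data"
SAMPLE = b"\n".join([
    P + b"192.0.2.10" + D + b"/scripts/..%5c../winnt/system32/cmd.exe",
    P + b"192.0.2.10" + D + b"/scripts/..\xc1\x1c../winnt/system32/cmd.exe",
    P + b"192.0.2.10" + D + b"/scripts/..\xc0\xaf../winnt/system32/cmd.exe",
    P + b"198.51.100.7" + D + b"/scripts/..%2f../winnt/system32/cmd.exe",
    P + b"203.0.113.5" + D + b"/favicon.ico",
    b"[Thu Sep 27 01:30:00 2001] [notice] caught SIGTERM, shutting down",
])

if __name__ == "__main__":
    probes, rest = triage(read_lines(SAMPLE))
    for client, n in probes.most_common():
        print(f"{client}: {n} traversal probes")
    print(f"{len(rest)} other entries kept")
```
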